

FF4m3

@rr.com

Mozilla Sends Cease And Desist To Spyware Maker

• From H-Online:

Mozilla has confirmed that it has sent a cease and desist letter to Gamma International, makers of the FinFisher spyware. A report by the University of Toronto Citizen Lab on the global spread of Gamma's FinFisher spyware revealed that the FinSpy component deployed on victims' systems masquerades as Mozilla Firefox. Binaries report themselves as "Firefox.exe" and carry properties that are associated with Firefox including version numbers and copyright and trademark claims that refer to "Firefox and Mozilla developers". Mozilla also notes that an expert user examining the code of Gamma's spyware would find a verbatim copy of the assembly manifest from Firefox software.

Gamma's use of the "brand and trademarks to lie and mislead" does not affect Firefox itself; the use of the Firefox branding and properties is "entirely separate" from the Firefox code and is just one of the methods that FinFisher uses to avoid detection.

According to Citizen Lab, the software has turned up in spyware attacks on pro-democracy activists in Bahrain and has apparently been deployed in Malaysia where a General Election is taking place. The organisation "Reporters without Borders" listed Gamma as one of five "Corporate Enemies of the Internet" in its recent surveillance report.

Mozilla did not publish the content of the letter. It is currently unclear how Mozilla plans to legally progress if Gamma does not cease and desist, and there are few legal precedents which would inform how a case would progress from that point.

Finfisher Spyware Use By Governments Expanding, Masquerades as Firefox:

"Governmental spying software has been in the news a lot in recent months and today Citizen Lab has revealed its latest findings, showing that one of the most prolific tools in use, Finfisher, is now in use in 36 countries around the world [beware the auto playing video ads with sound]." And, Voulnet adds "According to analysis and report by CitizenLab of the Gamma FinFisher codebase uses the LGPL GNU Multiple Precision Arithmetic Library, possibly without adhering to its distribution restrictions."



therube

join:2004-11-11
Randallstown, MD

Protecting our brand from a global spyware provider



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to FF4m3

Nasty business



El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
reply to FF4m3

This is brutal, I guess my next question is how does FinFisher get installed in the first place?

EQ
--
Support Bacteria -- It's the Only Culture Some People Have



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

Method of infection: as below

quote:
The surveillance suite is installed after the target accepts installation of a fake update to commonly used software. Code which will install the malware has also been detected in emails. The software, which is designed to evade detection by anti-virus software, has versions which work on mobile phones of all major brands.

A security flaw in Apple's iTunes allowed unauthorized third parties to use iTunes online update procedures to install unauthorized programs. Gamma International offered presentations to government security officials at security software trade shows where they described to security officials how to covertly install the FinFisher spy software on suspect's computers using iTunes' update procedures.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4

Thanks for that, that's exactly what I needed.



dauthiatull
Premium
join:2003-08-06
Toronto, ON
reply to FF4m3

Any way to verify a Firefox installation?


MrFixit1

join:1999-11-26
Madison, WI

»releases.mozilla.org/pub/mozilla···/latest/ contains the checksums for the complete downloads, as well as components, of the "real thing".
Not too sure if that is the best way to check an installed version of FF, but at least it will give you a way to be sure the downloads are correct.



dauthiatull
Premium
join:2003-08-06
Toronto, ON
reply to FF4m3

lol ty but I wouldn't know what to do with any of that.
--
a birth certificate is also proof of death, eventually


MrFixit1

join:1999-11-26
Madison, WI

One thing to remember is that FinFisher-FinSpy is not a modified version of FF.
What is happening is that when you check the properties of the malware components, they return info claiming to be FF components.
This is being done to try to avoid detection.
If you compare a "fake" component with the real thing, it is not hard to detect the differences.

Not totally the same as verifying a FF install, as installed on a computer.
Yes you can verify the components, yes you can verify the downloads, just not sure how you could verify a complete installation. Might be able to do it on a brand new fresh install, but not too sure you could even do that.

The good part is that most AV vendors claim to detect FinFisher - FinSpy. Now if we could just be sure they do.
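
Added example, not part of the original posts and not Mozilla's own tooling: the component comparison discussed above, done by content hash against a checksum manifest taken from a known-good copy, so a file that only claims to be Firefox in its name or properties is flagged. The manifest is assumed to be in `sha512sum` output format; the file names and bytes in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha512_file(path):
    """Hash the file's bytes; its name and version properties are never consulted."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse '<digest>  <relative path>' lines; lines without a 128-char digest are skipped."""
    entries = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 128:
            entries[parts[1].strip().lstrip("*")] = parts[0].lower()
    return entries

def verify_tree(root, manifest):
    """Label each listed file ok/modified/missing and each extra file unlisted."""
    root, report = Path(root), {}
    for name, expected in manifest.items():
        if not (root / name).is_file():
            report[name] = "missing"
        else:
            report[name] = "ok" if sha512_file(root / name) == expected else "modified"
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in manifest:
            report[rel] = "unlisted"
    return report

def demo():
    """Constructed sample: a reference tree and a copy holding one impostor file."""
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as live:
        for d in (ref, live):
            Path(d, "firefox.exe").write_bytes(b"constructed reference bytes")
            Path(d, "xul.dll").write_bytes(b"constructed library bytes")
        manifest = parse_manifest("\n".join(
            f"{sha512_file(p)}  {p.name}" for p in sorted(Path(ref).iterdir())))
        Path(live, "firefox.exe").write_bytes(b"same name, different content")
        Path(live, "helper.exe").write_bytes(b"not in the reference set")
        return verify_tree(live, manifest)

if __name__ == "__main__":
    print(demo())
```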



FF4m3

@rr.com
reply to FF4m3

FinFisher: For All Your Intrusive Surveillance Needs:

As part of the SpyFiles operation initiated by WikiLeaks, in which OWNI has been working as a partner, the names of companies that supply hacking software known as trojans to the police and intelligence services can now be revealed. These systems are introduced via hard drives, files and messages and are capable of spying in real time on unsuspecting targets. These include the German company DigiTask, who have equipped the Swiss and German police and, in a commercial brochure which OWNI has been able to consult, soberly present the trojan as a piece of “remote forensic software”. Other companies that OWNI can now name are ERA (Switzerland), whose spy systems were recently still being used in Syria; Hacking Team (Italy); and Gamma (Great Britain), through their subsidiary FinFisher (™), whose full catalogue OWNI has been able to gain access to.

The Spy Files:

On Thursday, December 1st, 2011 WikiLeaks began publishing The Spy Files, thousands of pages and other materials exposing the global mass surveillance industry.

List of documents > Tags > GAMMA FINFISHER TROJAN

Remote Monitoring & Infection Solutions - FINSPY [PDF]:

Related -
CONFIRMED: US Counterterrorism Agency Can Amass Data On Any Citizen


siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to El Quintron

Most welcome.